1. About us
The website store.fidelis-research.com is an online store where you can make purchases and inquiries of selected categories with a variety of ethically provided human tissue specimens and samples. The website store.fidelis-research.com is the property of FIDELIS RESEARCH / UIC: BG204414659, with registered office / headquarters: Sofia 1618, 3 Maistor Pavel ot Krimin str., fl.3, ap.10 / Tel .: (+359) 2 448 5785, e-mail: firstname.lastname@example.org, website: www.fidelis-research.com .
When we use "we", "us", “the company” and verbs in this form in the text below, we mean FIDELIS RESEARCH.
You can address all your questions regarding this policy and subject data rights at email@example.com .
2. Subject-matter and scope
This Policy lays down the rules regulating the organisation of processing and protection of personal data of customers, counterparties and partners of FIDELIS RESEARCH and all other groups of natural persons that FIDELIS RESEARCH enters relationships with when carrying out its business activity.
3. Regulatory references
REGULATION (EU) 2016/679 of the European Parliament and of the Council of the European Union
Bulgarian Personal Data Protection Law
4. Terms and definitions
1) “Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2) “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3) “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
4) “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
5) “Consent of the data subject” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
6) “Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
7) “Genetic data” means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
8) “Biometric data” means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
9) “Filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
5. General provisions
FIDELIS RESEARCH is a data controller under Art. 4, item 7 of General Data Protection Regulation (EU) 2016/679.
As a data controller, FIDELIS RESEARCH, when processing personal data, complies with the principles for personal data protection provided for in General Data Protection Regulation(EU) 2016/679 and the legislation of the European Union and the Republic of Bulgaria.
5.1. Principles relating to processing of personal data
When processing personal data, FIDELIS RESEARCH adheres to the following principles:
1) Lawfulness, fairness and transparency - Personal data are processed lawfully, fairly and in a transparent manner in relation to the data subject.
2) Purpose limitation - Personal data are collected and/or processed for specified, explicit and legitimate purposes only and are not further processed in a manner that is incompatible with those purposes.
3) Data minimisation - Personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are collected and processed.
4) Accuracy - Personal data are kept accurate and up to date to be fit for achieving the purposes for which they are processed.
5) Storage limitation - Personal data are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which they are processed.
6) Integrity and confidentiality - Personal data are collected, stored and processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
7) Accountability - The company applies the principles listed above and keeps the necessary documents and records as a proof.
5.2. Rights of data subjects
FIDELIS RESEARCH ensures the rights of data subjects when fulfilling its obligations as data controller or processor. These rights are the following:
5.2.1. Right to information
FIDELIS RESEARCH process the following categories of personal data:
- Names, address, company address;
- e-mail, phone contact;
- IP address data;
- Payment information;
- Invoicing data;
- Plugins used by the online store may also collect personal information;
- Personal data from other sources - for example, from social applications;
- Credit card dates of validity, credit card numbers.
All data is processed as required by law and legitimate business purposes, for the purposes of contracting or with your consent.
5.2.2. Right to access
FIDELIS RESEARCH, acting as a data controller, shall provide the data subject with confirmation as to whether or not his or her personal data are being processed and, where that is the case, it shall grant the data subject access to the personal data and the following information:
- the period of storage or the criteria used to determine that period: store.fidelis-research.com stores the collected personal information of its customers for the shortest period required to comply with the laws and our business objectives. We may also keep your personal data for a longer period, if required by law or for legitimate business purposes, unless prohibited by law.
- the recipients or categories of recipients of the personal data:
А) Bodies, institutions and persons to whom store.fidelis-research.com is obliged to provide personal data under a special legal provision or to protect its own rights.
B) Persons entrusted with the activities of designing, packing, delivering the goods in connection with the purchase, maintenance, return or provision of explanatory information and features for products offered by store.fidelis-research.com.
C) Courier companies - we share your names, phone number, addresses, postal code, choice of courier office;
D) Marketing service providers;
E) IT providers;
F) Other companies with which our online store cooperates to offer, sell and provide services to and for our products;
G) Social medias such as Facebook and Google;
H) Software Company Mirchev Ideas Ltd. as the developer and hosting provider of the Seliton online shopping platform.
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing:
- where the personal data are not collected from the data subject, any available information as to their source.
5.2.3. Right to rectification
FIDELIS RESEARCH, acting as a data controller, shall provide the data subject with the opportunity to request rectification of inaccurate personal data concerning him or her without undue delay.
Considering the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
To correct your personal information, change the address, password or edit of your account, or subscribe or unsubscribe for a newsletter, visit the following link: https://store.fidelis-research.com/login.html
5.2.4. Right to erasure
FIDELIS RESEARCH, acting as a data controller, shall provide the data subject with the opportunity to request the erasure of the personal data concerning him or her without undue delay.
FIDELIS RESEARCH shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected;
- the data subject withdraws consent (if such consent was given);
- in case of objection to the processing and proof of lack of legal grounds;
- in case of unlawful processing.
When erasing data, FIDELIS RESEARCH, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Тo request the deletion of your personal data please visit the following link: https://store.fidelis-research.com/gdpr.html. Deleting your data will delete all the stored information about you on our site and there will be no information about your names, address, telephone number, addresses visited, orders placed, etc.
5.2.5. Right to data portability
FIDELIS RESEARCH, acting as a data controller, ensures data portability if the conditions provided for in Art. 20, para. 1 of the Regulation are fulfilled and it shall transmit without hindrance the personal data concerning the data subject in a structured, commonly used and machine-readable format.
FIDELIS RESEARCH may directly transmit the personal data to another controller where this is technically feasible at the request of the data subject.
5.2.6. Right to object
FIDELIS RESEARCH, acting as a data controller, shall provide the data subject with the opportunity to object, at any time and on grounds relating to his or her particular situation, to processing of personal data concerning him or her, including profiling.
FIDELIS RESEARCH shall no longer process the personal data unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
5.2.7. Rights related to automated individual decision-making, profiling
FIDELIS RESEARCH, acting as a data controller, shall inform the data subject (if this is actually done) about the existence of an automated decision-making, including profiling (Art. 22 of the Regulation), as well as any essential information about the logic used and the significance and foreseeable consequences of such processing for the data subject.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
The company does not process data based on automated data decisions.
6. Complaints, inquiries and requests related to personal data
Any data subject or data controller shall have the right to submit a request or lodge a complaint related to the personal data processed by FIDELIS RESEARCH. All legal requirements shall be complied with in the process of handling requests, complaints and inquiries.
Persons who have consented to the processing of their personal data may at any time object to the processing of their data by sending an email to firstname.lastname@example.org .
Any data subject or data controller may exercise their right of appeal to the Commission for Personal Data Protection, which is the Data Protection Supervisor:
Commission for Personal Data Protection:
Address: Sofia 1592, 2 Prof. Tsvetan Lazarov blvd.
7. Ensuring security of personal data
FIDELIS RESEARCH implements technical and organisational measures to ensure an appropriate level of security of personal data that it shall process as follows:
7.1. Physical protection
The main organisational measures for physical protection in FIDELIS RESEARCH include:
- determining the premises where personal data will be processed;
- determining the premises where the elements of the communications and information systems for personal data processing will be located;
- determining the organisation of the physical access.
Personal data of our clients is stored in the administrative panel on an encrypted page in an online platform store.fidelis-research.com.
All measures are consistent with the modern technological advances and ensure a level of protection which is adequate to the risks related to the processing activities and the category of protected data.
7.2. Protection of automated information systems
The company does not process data based on automated data decisions.
For all matters which are not settled in this Policy, the provisions of General Data Protection Regulation (EU) 2016/679 shall apply, as well as the applicable European Union law and the legislation of the Republic of Bulgaria regarding personal data protection.